Prison threat for phone and internet firms

Directors of of mobile phone and internet companies who snoop on customers' private information face up to two years' imprisonment under tough new wire-tapping regulations being drawn up by ministers.

The move follows complaints that internet service providers (ISPs) are using private data to gather commercial information about their users' web-shopping habits.

Under this programme, the UK-listed company Phorm has developed technology that allows ISPs to track what their users are doing online. ISPs can then sell that information to media companies and advertisers, who can use it to place more relevant advertisements on websites the user subsequently visits.

The EU has accused Britain of turning a blind eye to the growth in this kind of internet marketing.

Under the proposed new Regulatory Investigatory Powers Act even unintentional illegal interception by communications providers would be punishable by £10,000 fines imposed by the Interception of Communication Commissioners Office. If the breach was shown to be intentional, the penalty could be a prison term of up to two years upon conviction.

The European Commission has already brought legal action against the UK government following public complaints about BT's secret trials of Phorm's web interception and profiling technology, and about the failure of British authorities to take any action against either firm.

The Crown Prosecution Service, (CPS) which has looked at whether BT's secret trials broke the law, is unlikely to take any further action.

One expert said: "While phone tapping is clearly illegal and unacceptable, it seems that spying on the digital communications and activity is not." The CPS, which considered a private complaint after the police dropped their official inquiry, is expected to make a final decision by the end of the month.

A Home Office spokesman said: "The EC E-Privacy Directive requires member states to ensure all communication on public networks is confidential. The proposed change would provide additional protection for users by making it clear when users have explicitly given their consent to their information being used."